Infrastructure and configuration management for creating a NTP Pool server

aboutte/ntppool_deployment

ntppool_deployment

Summary

This repository can be used to quickly stand up NTP Pool servers. I recently wanted to contribute back to the NTP Pool but do not have physical resources to donate back with. Using CloudFormation we can provision all of the needed infrastructure and then using Chef we can configure an EC2 instance to the NTP Pool specifications.

Details

The CloudFormation template will create the following resources:

  • VPC
  • 3 subnets, 1 per AZ
  • ACL
    • inbound
      • UDP 123
    • outbound
      • TCP 80
      • TCP 443
      • UDP 123
      • TCP ephemeral ports (1024-65535)
  • Launch Configuration
  • Auto Scaling Group
  • EIP (only if an EIP has not been passed into CloudFormation via the eip parameter)

AWS Architecture

Usage

I prefer to autogenerate my CloudFormation JSON, so I use the cloudformation-ruby-dsl. This section will walk through how to get your environment set up to launch a CloudFormation stack.

Prerequisites

  • AWS credentials set up. Example using environment variables in ~/.bash_profile:

    export AWS_ACCESS_KEY_ID="xxxxxxxx"
    export AWS_SECRET_ACCESS_KEY="xxxxxxxx"

  • A sane Ruby environment set up on your workstation. My recommended approach would be to install the ChefDK.

Install

# Clone repo from GitHub
git clone git@github.com:aboutte/ntppool_deployment.git
cd ntppool_deployment
bundle install

ntppool_deployment.rb usage message

cd cloudformation
$ bundle exec ntppool_deployment.rb
usage: cloudformation/ntppool_deployment.rb <expand|diff|validate|create|update|cancel-update|delete|describe|describe-resource|get-template>

Launching CloudFormation stack:

bundle exec cloudformation/ntppool_deployment.rb create --region us-west-2 --stack-name ntppool-$(date '+%s') --parameters "environment=production;hostname=ntp-usw2.andyboutte.com;eip=52.37.145.131;keyName=aboutte;instanceType=t2.micro" --disable-rollback

Validate CloudFormation Syntax:

bundle exec cloudformation/ntppool_deployment.rb validate --region us-west-2 --stack-name ntppool-$(date '+%s') --parameters "environment=production;hostname=ntp-usw2.andyboutte.com;eip=52.37.145.131;keyName=aboutte;instanceType=t2.micro" --disable-rollback

Testing

Local

The following command can be used for testing locally:

cd chef/cookbooks/ntppool_deployment/
export AWS_PROFILE="p"; kitchen verify

Travis CI

Some of the Rake tasks require AWS credentials. I have created a travisci user in my NTP AWS account and provided the following inline IAM Policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1489533261000",
            "Effect": "Allow",
            "Action": [
                "cloudformation:ValidateTemplate"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "Stmt1489533843000",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeImages"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}
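
The policy above is narrow, and a CI credential tends to get widened over time. The following is an added example, not code from this repository: a Ruby check (Ruby to match the repo's Rake tooling) that reports any Allow statement granting more than the two actions shown. The allow-list, the function names and the widened sample policy are assumptions constructed for illustration.

```ruby
require 'json'

# travisci user policy from the README, compacted.
POLICY_JSON = <<~JSON
  {"Version": "2012-10-17", "Statement": [
    {"Sid": "Stmt1489533261000", "Effect": "Allow",
     "Action": ["cloudformation:ValidateTemplate"], "Resource": ["*"]},
    {"Sid": "Stmt1489533843000", "Effect": "Allow",
     "Action": ["ec2:DescribeImages"], "Resource": ["*"]}
  ]}
JSON

# Constructed sample of drift: the CI user widened "to fix a build".
WIDENED_JSON = <<~JSON
  {"Version": "2012-10-17", "Statement":
    {"Effect": "Allow", "Action": ["cloudformation:*", "ec2:RunInstances"],
     "Resource": "*"}}
JSON

# Assumption: the only actions the CI credentials should ever hold.
ALLOWED_ACTIONS = %w[cloudformation:ValidateTemplate ec2:DescribeImages].freeze

# IAM accepts a single value or an array for Statement and Action.
def as_list(value)
  value.is_a?(Array) ? value : [value].compact
end

# Returns a list of findings; an empty list means the policy is as expected.
def audit_policy(json, allowed = ALLOWED_ACTIONS)
  findings = []
  as_list(JSON.parse(json)['Statement']).each_with_index do |stmt, i|
    next unless stmt['Effect'] == 'Allow'
    sid = stmt['Sid'] || "statement #{i}"
    # Allow + NotAction grants every action except the ones listed.
    findings << "#{sid}: Allow with NotAction" if stmt.key?('NotAction')
    as_list(stmt['Action']).each do |action|
      if action.match?(/[*?]/)
        findings << "#{sid}: wildcard action #{action}"
      elsif allowed.none? { |a| a.casecmp?(action) } # action names are case-insensitive
        findings << "#{sid}: unexpected action #{action}"
      end
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  { 'README policy' => POLICY_JSON, 'widened policy' => WIDENED_JSON }.each do |name, doc|
    problems = audit_policy(doc)
    puts "#{name}: #{problems.empty? ? 'OK' : problems.join('; ')}"
  end
end
```

If the policy JSON is kept in the repository, a Rake task can call `audit_policy` on it and fail the build on a non-empty result.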

Following the Travis CI documentation I encrypted my AWS Key and Secret:

gem install travis
travis encrypt AWS_ACCESS_KEY_ID="AK...EA" --add
travis encrypt AWS_SECRET_ACCESS_KEY="P1V...QDV" --add

which automatically updated my .travis.yml file with the secrets.